Fair enough ...

Looking at org.apache.catalina.connector.Response a url of e.g.
http://localhost/?1 results in a path of length 0 which doesn't append the
jsessionid.

if( sb.length() > 0 ) { // jsessionid can't be first.

It's obviously a tomcat issue ... but given the fact that tomcat is widely
used ... can't we do something about that?
Well I did by using ONE_PASS_RENDER ;)

Thanks
Willo

    /**
     * Return the specified URL with the specified session identifier
     * suitably encoded.
     *
     * @param url URL to be encoded with the session id
     * @param sessionId Session id to be included in the encoded URL
     */
    protected String toEncoded(String url, String sessionId) {

        if ((url == null) || (sessionId == null))
            return (url);

        String path = url;
        String query = "";
        String anchor = "";
        int question = url.indexOf('?');
        if (question >= 0) {
            path = url.substring(0, question);
            query = url.substring(question);
        }
        int pound = path.indexOf('#');
        if (pound >= 0) {
            anchor = path.substring(pound);
            path = path.substring(0, pound);
        }
        StringBuilder sb = new StringBuilder(path);
        if( sb.length() > 0 ) { // jsessionid can't be first.
            sb.append(";");
            sb.append(ApplicationSessionCookieConfig.getSessionUriParamName(
                    request.getContext()));
            sb.append("=");
            sb.append(sessionId);
        }
        sb.append(anchor);
        sb.append(query);
        return (sb.toString());

    }


On Thu, Nov 17, 2011 at 6:52 PM, Igor Vaynberg <[email protected]>wrote:

> as long as we are passing the /?1 url through
> servletresponse#encoderedirecturl() tomcat is responsible for
> appending the JSESSIONID if its not yet available in a cookie...
>
> -igor
>
> On Thu, Nov 17, 2011 at 2:16 AM, thomas willomitzer <[email protected]> wrote:
> > Hi,
> >
> > Thanks for the advice! I follwed and traced the problem. Think it's a
> > combination of Wicket and Tomcat...
> >
> > When i send the request for http://localhost/, wicket get's the session
> > from tomcat, renders the page and buffers the response (since
> > ONE_PASS_RENDER isn't default).
> > Wicket (1.5.3) also appends the ?1 and sends a 302 redirect to
> > http://localhost/?1 (in the 302 response header the cookie get's
> correctly
> > set - but not appended to the redirect URL).
> > Tomcat (7.0.22) doesn't append jsessionid to an url like
> http://localhost/?1.
> > Looks like it's still the "empty path" and tomcat problem that prohibits
> > the appending of jsessionid.
> >
> > Now when I don't use cookies and follow the request to
> > http://localhost/?1how should wicket know which session we're talking
> > about?
> >
> > Please note that this problem doesn't exist when sending a request to
> e.g.
> > http://localhost/login. I get a correct redirect to
> > http://localhost/login;jsessionid=xxxxxxxxxx.
> >
> > I could think of the following "workaround":
> > 1.) For the homepage use ONE_PASS_RENDER
> >
> > Is this a tomcat/wicket combination problem or am I doing something
> wrong?
> >
> > Many thanks
> > Willo
> >
> > On Wed, Nov 16, 2011 at 7:57 PM, Bertrand Guay-Paquet <
> > [email protected]> wrote:
> >
> >> I don't know of any other specific causes unfortunately...
> >>
> >> Try setting a breakpoint in RequestCycle#onBeginRequest() and see what
> >> happens. Try your page constructor too since it might be closer to the
> >> source of the problem.
> >>
> >> Good luck!
> >> Bertrand
> >>
> >>
> >> On 16/11/2011 12:21 PM, thomas willomitzer wrote:
> >>
> >>> Hi,
> >>>
> >>> Thanks I checked but no getPageParameters() override ;)
> >>>
> >>> Regards
> >>> Thomas
> >>>
> >>> On Wed, Nov 16, 2011 at 6:04 PM, Bertrand Guay-Paquet<
> >>> [email protected]>  wrote:
> >>>
> >>>  Hi,
> >>>>
> >>>> I had a redirect loop once because I added an override to
> >>>> Page#getPageParameters() by mistake. I wanted to use my method to
> >>>> generate
> >>>> a new PageParameters instance for a page but overriding the Page
> method
> >>>> gave your result.
> >>>>
> >>>> It's worth a shot!
> >>>>
> >>>> Regards,
> >>>> Bertrand
> >>>>
> >>>>
> >>>> On 16/11/2011 11:40 AM, thomas willomitzer wrote:
> >>>>
> >>>>  Dear All,
> >>>>>
> >>>>> I've managed to get the jsessionid appended correctly when
> requesting a
> >>>>> page without cookies enabled (wicket 1.5.3, tomcat 7.0.22).
> >>>>>
> >>>>> I get
> >>>>> curl -v --insecure https://localhost/ ->   Location:
> >>>>> https://localhost/?1
> >>>>> curl -v --insecure https://localhost/?1 ->   Location:
> >>>>>
> https://localhost/.;****jsessionid=****D62D2D693854214C847E7A75439909**
> >>>>> **A3<
> https://localhost/.;**jsessionid=**D62D2D693854214C847E7A75439909**A3>
> >>>>> <
> https://localhost/.;**jsessionid=**D62D2D693854214C847E7A75439909**A3<
> https://localhost/.;jsessionid=D62D2D693854214C847E7A75439909A3>
> >>>>> >
> >>>>> curl -v --insecure
> >>>>>
> https://localhost/.;****jsessionid=****D62D2D693854214C847E7A75439909**
> >>>>> **A3<
> https://localhost/.;**jsessionid=**D62D2D693854214C847E7A75439909**A3>
> >>>>> <
> https://localhost/.;**jsessionid=**D62D2D693854214C847E7A75439909**A3<
> https://localhost/.;jsessionid=D62D2D693854214C847E7A75439909A3>>->
> >>>>>   HTTP 404
> >>>>>
> >>>>>
> >>>>> change URL (erasing ".") to
> >>>>> curl -v --insecure
> >>>>> https://localhost/;jsessionid=******D62D2D693854214C847E7A75439909**
> >>>>> **A3<
> https://localhost/;jsessionid=**D62D2D693854214C847E7A75439909**A3>
> >>>>> <
> https://localhost/;**jsessionid=**D62D2D693854214C847E7A75439909**A3<
> https://localhost/;jsessionid=D62D2D693854214C847E7A75439909A3>>->
> >>>>>   Location:
> >>>>>
> >>>>> https://localhost/?1
> >>>>>
> >>>>> When trying in a browser I get the warning that it's a redirect loop.
> >>>>>
> >>>>> Can somebody please point me to what I'm doing wrong here?
> >>>>>
> >>>>> Many Thanks
> >>>>> Thomas
> >>>>>
> >>>>>
> >>>>>  ------------------------------****----------------------------**
> >>>> --**---------
> >>>> To unsubscribe, e-mail: users-unsubscribe@wicket.**apa**che.org<
> http://apache.org>
> >>>> <users-unsubscribe@**wicket.apache.org<
> [email protected]>
> >>>> >
> >>>>
> >>>> For additional commands, e-mail: [email protected]
> >>>>
> >>>>
> >>>>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>

Reply via email to